This section provides background information related to the present disclosure which is not necessarily prior art.
In recent years, applications of stream media technology based on broadband wired networks have developed greatly; furthermore, stream media technology based on mobile communication networks has been maturing.
Stream media are media that can be transmitted over a network in a streaming manner. The entire file need not be downloaded before playback begins; instead, only the beginning of the file is stored in memory, data packets are buffered in the User Equipment, and the media data is output correctly. With streaming transmission, a user may enjoy a media file after a start delay of only several seconds or tens of seconds, before the entire media file has been downloaded. The rest of the file is then downloaded from the server in the background, so that the user may enjoy the file while receiving it.
Copyright is an important aspect to be considered with respect to the transmission of stream media. Digital Rights Management (DRM) is a technology for preventing digital media (such as a game, a ring tone, an image, an audio and a video) from being duplicated or used illegally, and has been commonly deployed in wired networks.
At present, a great deal of research has been carried out on mobile DRM around the world. A mobile DRM standard established by the Open Mobile Alliance (OMA) has been widely supported and accepted. The OMA issued the latest OMA DRM V2.0 on Jun. 14, 2005, which establishes a security-trust model based on Public Key Infrastructure (PKI), an architecture for mobile DRM, a rights description language standard, the DRM Content Format (DCF) and the Rights Object Acquisition Protocol (ROAP).
An OMA DRM system includes a DRM Agent of a User Equipment, a Content Issuer (CI), a Rights Issuer (RI) and the like. In the OMA solution for digital copyright of stream media, the stream media are stored in a stream media server. A media stream is encrypted, and a decryption key is placed in a Rights Object (RO). As shown in FIG. 1, the RO includes a copyright use rule 110 and a media stream decryption key (for example, a Content Encryption Key (CEK)) 120. After the DRM Agent of the User Equipment obtains the RO, the media stream may be decrypted with the decryption key in the RO and enjoyed while it is being downloaded. The interaction procedure is shown in FIG. 2 and includes:
At 11: A User Equipment connects to a web page of a CI, finds stream media of interest and requests to download the stream media;
At 12: The Content Issuer generates a Token carrying address information of the stream media;
At 13A and 13B: The CI sends the Token to the User Equipment and an RI respectively;
At 14: A stream media server and the Rights Issuer negotiate to generate an RO;
At 15: The User Equipment requests the RO from the Rights Issuer, with the Token being carried in the request;
At 16: The RI sends the RO to the User Equipment;
At 17: After a session is established between the User Equipment and the stream media server, the stream media server transmits to the User Equipment the DRM protected media stream that is encrypted with the CEK.
After obtaining the DRM protected media stream, the User Equipment decrypts the media stream with the CEK in the RO and plays the media file.
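The exchange in steps 11 to 17 can be traced in code; the following is an added sketch, not part of the original text and not OMA reference code. The class and function names, the content identifier, the single-use Token behaviour and the HMAC-based keystream that stands in for the stream cipher are all assumptions of the sketch, and the RO is handed over unprotected.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (HMAC-SHA256 in counter mode); not the OMA DCF cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class ContentIssuer:
    def issue_token(self, content_id):             # step 12
        return {"content_id": content_id, "token": secrets.token_hex(16)}

class StreamServer:
    def __init__(self):
        self.ceks = {}                             # content_id -> CEK
    def cek_for(self, content_id):                 # server side of step 14
        return self.ceks.setdefault(content_id, secrets.token_bytes(32))
    def stream(self, content_id, media):           # step 17: send CEK-encrypted stream
        nonce = secrets.token_bytes(8)
        return nonce, keystream_xor(self.cek_for(content_id), nonce, media)

class RightsIssuer:
    def __init__(self):
        self.pending = {}                          # token -> RO (use rule + CEK, FIG. 1)
    def register(self, tok, server, rule):         # steps 13B and 14
        self.pending[tok["token"]] = {"rule": rule, "cek": server.cek_for(tok["content_id"])}
    def request_ro(self, token):                   # steps 15 and 16
        # Assumption: a Token is single-use; unknown or reused Tokens get no RO.
        return self.pending.pop(token, None)

def run_flow(media: bytes):
    """Run the whole exchange for one constructed content item."""
    ci, ri, server = ContentIssuer(), RightsIssuer(), StreamServer()
    tok = ci.issue_token("clip-001")               # steps 11 to 13A (constructed id)
    ri.register(tok, server, rule={"play_count": 1})
    ro = ri.request_ro(tok["token"])               # UE presents the Token, receives the RO
    nonce, protected = server.stream("clip-001", media)
    played = keystream_xor(ro["cek"], nonce, protected)  # UE decrypts with CEK from RO
    replay = ri.request_ro(tok["token"])           # second redemption of the same Token
    return played, protected, replay
```

The only party that ever combines the protected stream with the CEK is the User Equipment, which is why the decryption burden discussed next falls on it.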
In the prior art, the decryption of a media stream is performed at the Application Layer of the User Equipment. This places a strict requirement on the User Equipment and increases its cost.
In addition, in implementing a multimedia service such as mobile TV and file downloading, the digital copyright protection method and system in the prior art place a high requirement on the User Equipment, likewise increasing its cost.
Internet Protocol Security (IPSec) provides authentication and encryption services by using strong cryptography. Authentication ensures that data comes from the intended sender and is not modified during transmission, and encryption prevents a data packet from being read without authorization. These services allow a secure channel to be established over an untrusted network. IPSec provides the encryption and authentication services at the Internet Protocol (IP) layer of the network protocol stack; because it operates at the IP layer, it may protect any communication carried over IP.